Opened 6 years ago

Last modified 12 days ago

#5611 assigned defect

Enhance "Transparent Torification (Requires custom transproxy or Tor router)" in Tor Button.

Reported by: proper
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc: proper@…, Sebastian, erinn, intrigeri, rransom, Shondoit, arma, torbox@…, adrelanos@…, ioerror
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I suppose you don't want people, who are behind a (Tor) transproxy or Tor router, to use Tor over Tor. Currently there is no standalone Tor Browser (#5236). So if they install Tor Browser, they use Tor over Tor (works, slow and recommended or advised against?). Suggestion: once Transparent Torification is activated, Tor Browser instantly starts standalone, without starting Tor or Vidalia.

Ideally one could select this feature before Vidalia and Tor try bootstrapping through the Tor proxy, e.g. by passing an option to the launch shortcut/script.

There is currently a workaround in the wiki. ("Edit 'start-tor-browser' script and change the line: './App/vidalia --datadir Data/Vidalia/' to './App/Firefox/firefox -profile ./Data/profile'") But that can't become the official recommendation to use Transparent Torification?

And how will Transparent Torification be compatible with SOCKS username for stream isolation? (#3455)
There is no documentation about Transparent Torification. What is the current implementation... Will it simply disable the proxy and work as a normal browser without proxy settings? Then SOCKS username for stream isolation wouldn't be usable with Transparent Torification.

Attachments (7)

start-only-tor-browser (6.7 KB) - added by proper 6 years ago.
start-tor-browser (7.2 KB) - added by proper 6 years ago.
tor-browser-standalone (41 bytes) - added by proper 6 years ago.
start-tor-browser.2 (7.4 KB) - added by proper 6 years ago.
start-tor-browser.3 (7.4 KB) - added by proper 5 years ago.
torbrowser-standalone (7.8 KB) - added by proper 5 years ago.
0114-added-wrapper-as-requested-by-mikeperry-in-https-tra.patch (8.7 KB) - added by proper 5 years ago.

Change History (58)

comment:1 Changed 6 years ago by proper

Cc: proper@… added

comment:2 in reply to:  description Changed 6 years ago by arma

Replying to proper:

So if they install Tor Browser, they use Tor over Tor (works, slow and recommended or advised against?).

Recommended against, mainly because we're likely to make it fail to work at some point in the future (#2667).

comment:3 Changed 6 years ago by mikeperry

Component: changed from TorBrowserButton to Tor bundles/installation
Owner: mikeperry deleted
Priority: changed from major to normal
Status: changed from new to assigned

Patches welcome.

comment:4 Changed 6 years ago by proper

Status: changed from assigned to needs_information

Will you accept multiple starters/start scripts? start-tor-browser-bundle, start-only-tor-browser. That would be easy to provide. I could probably do it.

Or which implementation do you wish?

comment:5 Changed 6 years ago by mikeperry

For Linux, that sounds great. However on Mac and Windows? Not sure. Of course, that need not block your Linux implementation as far as I'm concerned. At the very least, I bet we could convince the Tails people to use TBB then. It breaks my heart that they don't right now.

An alternative way to do this is to have Vidalia ask the user. See the prompt we create in Vidalia 0.3.2 for #2905 that asks users if they want to avoid connecting to the public network. That prompt could be adapted to also ask the user about upstream transparent tors, and to pass a special environment variable to Tor Browser to tell it to use transparent mode.

comment:6 Changed 6 years ago by mikeperry

By special, I probably mean a magic value for $TOR_CONTROL_PORT and $TOR_CONTROL_PASSWD, not a new variable.

comment:7 in reply to:  6 Changed 6 years ago by mikeperry

Replying to mikeperry:

By special, I probably mean a magic value for $TOR_CONTROL_PORT and $TOR_CONTROL_PASSWD, not a new variable.

Or maybe I don't. This would ruin our ability to optionally provide a real "New Identity" button that actually gets you a new circuit.

comment:8 in reply to:  5 ; Changed 6 years ago by proper

Replying to mikeperry:

An alternative way to do this is to have Vidalia ask the user. See the prompt we create in Vidalia 0.3.2 for #2905 that asks users if they want to avoid connecting to the public network. That prompt could be adapted to also ask the user about upstream transparent tors, and to pass a special environment variable to Tor Browser to tell it to use transparent mode.

I can't do this one. Someone else free to do it.

For Linux, that sounds great. However on Mac and Windows? Not sure. Of course, that need not block your Linux implementation as far as I'm concerned. At the very least, I bet we could convince the Tails people to use TBB then. It breaks my heart that they don't right now.

Good, that I don't have to provide a cross platform implementation. I know nothing about mac. I may be able, later, to provide the Windows starter as well.

The linux start scripts are done. Where shall I upload?

comment:9 in reply to:  8 ; Changed 6 years ago by mikeperry

Cc: Sebastian erinn T(A)ILS developers added

Replying to proper:

Replying to mikeperry:

An alternative way to do this is to have Vidalia ask the user. See the prompt we create in Vidalia 0.3.2 for #2905 that asks users if they want to avoid connecting to the public network. That prompt could be adapted to also ask the user about upstream transparent tors, and to pass a special environment variable to Tor Browser to tell it to use transparent mode.

I can't do this one. Someone else free to do it.

Ok, I created #5658 for it.

For Linux, that sounds great. However on Mac and Windows? Not sure. Of course, that need not block your Linux implementation as far as I'm concerned. At the very least, I bet we could convince the Tails people to use TBB then. It breaks my heart that they don't right now.

Good, that I don't have to provide a cross platform implementation. I know nothing about mac. I may be able, later, to provide the Windows starter as well.

The linux start scripts are done. Where shall I upload?

Attaching it here seems good. Set "needs_review" when you do. We'll then want Sebastian, Erinn, and the tails crew to inspect it/test it for their use cases.

comment:10 Changed 6 years ago by mikeperry

Cc: intrigeri added

Changed 6 years ago by proper

Attachment: start-only-tor-browser added

comment:11 Changed 6 years ago by proper

It's attached. Don't laugh please. Changes to the original script are minimal. Not genius.

It's compatible with 'apt-get install tor vidalia' from the tor repository. I tested, closing Tor Browser (started by the modified script), will not cause closing Tor or Vidalia.

I don't have an option "needs_review". "Only leave as needs_information" "resolve as..." "reassign to..." and "accept" are available to me.

comment:12 in reply to:  9 ; Changed 6 years ago by intrigeri

Replying to mikeperry:

We'll then want Sebastian, Erinn, and the tails crew to inspect it/test it for their use cases.

Tails does not use transparent torification, so at first glance, it seems to me we don't need any such thing.

comment:13 in reply to:  12 ; Changed 6 years ago by proper

Replying to intrigeri:

Replying to mikeperry:

We'll then want Sebastian, Erinn, and the tails crew to inspect it/test it for their use cases.

Tails does not use transparent torification, so at first glance, it seems to me we don't need any such thing.

I believe the script may be useful for Tails as well. It unbundles Tor Browser from Tor/Vidalia. You can start Tor Browser as a standalone, without starting the Tor/Vidalia from the TBB package.

The script I uploaded, is indeed useful for Transparent Torification. But it is only one step, in enhancing the Transparent Torification support.

The script is also useful, if you have Tor/Vidalia installed anyway (for other applications, such as Pidgin or whatever), and want to use Tor Browser, without the bundled Tor/Vidalia.

If you want Tor Browser in Tails, you need to be able to terminate Tor Browser, without closing Tor/Vidalia. That's what the script does.

comment:14 Changed 6 years ago by T(A)ILS developers

Cc: tails@… added

comment:15 Changed 6 years ago by proper

Owner: set to proper
Status: changed from needs_information to accepted

comment:16 Changed 6 years ago by proper

Status: changed from accepted to needs_review

comment:17 in reply to:  13 ; Changed 6 years ago by T(A)ILS developers

Replying to proper:

I believe the script may be useful for Tails as well. It unbundles Tor Browser from Tor/Vidalia. You can start Tor Browser as a standalone, without starting the Tor/Vidalia from the TBB package.
[...]
If you want Tor Browser in Tails, you need to be able to terminate Tor Browser, without closing Tor/Vidalia. That's what the script does.

OK. I (intrigeri) will review this script with my Tails hat, then. Don't hesitate pinging me if there has been no movement from me in a few weeks.

For the record, this ticket is referenced on a related task page of ours:
https://tails.boum.org/todo/replace_iceweasel_with_Torbrowser__63__/

comment:18 in reply to:  17 Changed 6 years ago by intrigeri

Replying to T(A)ILS developers:

OK. I (intrigeri) will review this script with my Tails hat, then.

I've successfully used this script to start torbrowser inside a Tails session. I believe this script is a nice first step towards a torbrowser that could be usable in Tails. I've started to list limitations in the "Integration that would be needed" section of the Tails todo page linked above.

comment:19 Changed 6 years ago by mikeperry

Cc: rransom added

Ok, so intrigeri, rransom, others: What are the missing pieces before we can include a second copy of RelativeLink.sh for Tails users?

It would be hot if users could just use a TBB copy on a USB dongle from inside Tails using an alternate launcher script. Can we get at least to that point? Or should it be a command line option instead?

comment:20 Changed 6 years ago by intrigeri

Adding the proposed script (or, probably better, a command-line option + tiny wrapper) would allow adventurous Tails users to start the Torbrowser. I don't think anything more is needed to get to this point now.

(For better, deeper integration with the rest of Tails, that is to get to something we could actually support, see the todo page I pointed to above.)

comment:21 Changed 6 years ago by proper

Status: changed from needs_review to needs_information

I can add a command-line option to the script, no problem. No option or wrong option results in the regular behavior and -transparent will only start TorBrowser. (And will start neither Tor nor Vidalia.)

"-transparent" can be renamed to anything you wish. Just tell me. Probably "-transparent" is not the best name.

What do you mean by tiny wrapper?

comment:22 in reply to:  21 Changed 6 years ago by intrigeri

Status: changed from needs_information to needs_revision

Replying to proper:

I can add a command-line option to the script,
"-transparent" can be renamed to anything you wish. Just tell me. Probably "-transparent" is not the best name.

I suggest --standalone to ask to start only the Torbrowser.

What do you mean by tiny wrapper?

A small script whose only job is to run start-tor-browser with the --standalone option, so that one can run it without the need to use the command-line.

comment:23 Changed 6 years ago by intrigeri

Status: changed from needs_revision to assigned

Changed 6 years ago by proper

Attachment: start-tor-browser added

comment:24 Changed 6 years ago by proper

Status: changed from assigned to needs_review

Ok, added -standalone.

The tiny wrapper, for what would we need it? I can do it. But it wouldn't contain more than "start-tor-browser -standalone", which is kinda a waste.

Not sure if a command line option / wrapper is the best way. I see two use cases here. Tails and TorBOX.

Shouldn't we rather agree on an environment variable? Perhaps related to #5658 TOR_TRANSPROXY=1.

comment:25 Changed 6 years ago by intrigeri

As far as Tails is concerned, given this will initially be missing tons of integration, and totally unsupported, I think we don't care.

But if I were ever asked what could make it easier, for actual users, to try this thing out, then I'd answer something like "whatever as long as they don't need to use the command line" again.

comment:26 Changed 6 years ago by mikeperry

I agree with intrigeri. I think that means a braindead wrapper is still useful. You can simply click on it, drag it to the desktop, etc. The name of the script can also make you aware of the possibility of using Tor Browser standalone without needing to read through the source code to the script, or run it with -help.

As for the env var, I assume that's something I need to listen for in Torbutton to set the proxy settings right? Or is it something for Vidalia, too?

Changed 6 years ago by proper

Attachment: tor-browser-standalone added

Changed 6 years ago by proper

Attachment: start-tor-browser.2 added

comment:27 Changed 6 years ago by proper

Replying to intrigeri:

As far as Tails is concerned, given this will initially be missing tons of integration, and totally unsupported, I think we don't care.
But if I were ever asked what could make it easier, for actual users, to try this thing out, then I'd answer something like "whatever as long as they don't need to use the command line" again.

But why command line switch or environment variable. We can do both.

Now supported environment variable TB_STANDALONE=1 or -standalone command line switch.

You could add this to the next Tails release.

TB_STANDALONE=1
export TB_STANDALONE

Without sacrificing anything. People who want can use TorBrowser until you fixed the integration issues. See this as the first step.

Let's get this merged and then I suggest filing related tickets. I see where I can help out with scripting, today sh, tomorrow perhaps js.

Replying to mikeperry:

I agree with intrigeri. I think that means a braindead wrapper is still useful. You can simply click on it, drag it to the desktop, etc. The name of the script can also make you aware of the possibility of using Tor Browser standalone without needing to read through the source code to the script, or run it with -help.

Ok, done. Attached wrapper as tor-browser-standalone.

As for the env var, I assume that's something I need to listen for in Torbutton to set the proxy settings right? Or is it something for Vidalia, too?

Not sure if that requires a new ticket. Yeah, well, cooperation between the script, Tails, TorBOX, Tor, TorBrowser, Vidalia. As the transparent proxy user, I'll look into the existing tickets and try to make suggestions. Additionally I might create new patches (only scripting, unfortunately can't learn C in time).

Torbutton Example:

TB_HTTP=127.0.0.1:8118
TB_HTTP=""
TB_SSL=127.0.0.1:8118
TB_FTP=127.0.0.1:8118
TB_GOPHER=127.0.0.1:8118
TB_SOCKS=192.168.0.1:9100
TB_NO_PROXY=127.0.0.1;128.0.0.1;... (ports ignored)

TOR_TRANSPROXY=1
TB_RECOMMEND=1 (set back recommend default proxy settings)

comment:28 Changed 6 years ago by proper

One thing wrt the environment variable is bugged up when using desktop environments. export TB_STANDALONE works in console.

But each desktop environment requires modifying a special file.

Otherwise the graphical desktop ignores the environment variables.

Is this expected? I don't think that's something I could fix with sh scripts?

comment:29 Changed 6 years ago by mikeperry

Keywords: MikePerry201206 added

Putting a tag on this for me so I don't forget to at least file new tickets and otherwise help push this along.

comment:30 Changed 5 years ago by unknown

I am experimenting with running standalone TorBrowsers, separated with iptables and parallel running X-sessions. My goal is to use direct connections to different SOCKSports of the local system (non-TBB) Tor daemon (see crosspost about the problem) or to use "Transparent Torification" to connect to different TransPort and DNSport. Checking the "TT" option in TorButton does not help; TorBrowser still tries to connect to localhost through 9050 SOCKS.

Changed 5 years ago by proper

Attachment: start-tor-browser.3 added

comment:31 Changed 5 years ago by proper

Fixed one minor thing. (Missing quotes complaint when executed in shell.)

Like the script commands states:

# In case you only want to start TorBrowser and do not want to start
# Tor/Vidalia.
# either set in shell
#   TB_STANDALONE=1
#   export TB_STANDALONE
# or start the script -standalone

Tested both again and working.

"start-tor-browser.3 Download (7.4 KB) - added by proper 7 seconds ago. 4 " is "latest".

What do we actually need to get this merged?

comment:32 Changed 5 years ago by mikeperry

Status: changed from needs_review to needs_revision

I pushed the script to mikeperry/bug5611. I think the script changes themselves are OK, and mergeable by themselves, but I think we should also merge a wrapper, too.

I also created #6254 for the Torbutton side. We'll use the env var TOR_TRANSPROXY=1 there.

The question now becomes what should our wrapper script(s) look like? Here's the variables you want to set and why:

# You need these for New Identity:
TOR_CONTROL_PORT
TOR_CONTROL_PASSWD or TOR_CONTROL_COOKIE_AUTH_FILE

# You need this to specify Transtor:
TOR_TRANSPROXY=1

# You need these to specify a SOCKS port (if not transtor):
TOR_SOCKS_HOST
TOR_SOCKS_PORT

What wrapper scripts should we include with defaults for the above, if any? We can probably include one specific for the Tails setup. What values do we need for that?

comment:33 Changed 5 years ago by Shondoit

Cc: Shondoit added

comment:34 in reply to:  32 Changed 5 years ago by proper

Regarding "needs revision": If you need any more bash/sh scripting, I'll do that as my skills allow that.

Replying to mikeperry:

The question now becomes what should our wrapper script(s) look like? Here's the variables you want to set and why:

# You need these for New Identity:
TOR_CONTROL_PORT
TOR_CONTROL_PASSWD or TOR_CONTROL_COOKIE_AUTH_FILE

Please only optional, not compulsory.
Use case: It makes sense to run Tor Browser in an untrusted environment (ex: VM). Tor runs on a more trusted machine. Tor will only relay traffic for Tor Browser but not accept any other commands. Controlling Tor has to be done using Vidalia and/or arm on the second machine.

# You need this to specify Transtor:
TOR_TRANSPROXY=1

Suggested enhancement:
# Uncomment the following line if you are using a transparent Tor proxy.
#TOR_TRANSPROXY=1

# You need these to specify a SOCKS port (if not transtor):
TOR_SOCKS_HOST
TOR_SOCKS_PORT

# You need these to specify a SOCKS port (if not transtor):
#TOR_SOCKS_HOST=127.0.0.1
#TOR_SOCKS_PORT=9050

What wrapper scripts should we include with defaults for the above, if any?

Only one to support apt-get install tor users. Tor Browser should be able to use a system wide installed Tor without much configuration.

"Tor distros" (Tails, Liberte Linux, TorBOX, etc.) can easily add their own wrapper. A wrapper should be no more than a tiny script, which runs on boot and sets the required environment variables.

We can probably include one specific for the Tails setup.

I can't speak for Tails, but shipping a Tails one for all Tor users doesn't sound good.
You are not going to include a Liberte Linux or TorBOX one. Let's do it generic. Therefore...
Wouldn't it be better if the Tails devs include the required settings into the next Tails release?

comment:35 Changed 5 years ago by mikeperry

Keywords: MikePerry201207 added; MikePerry201206 removed

Ok proper, I agree with all of the comments above, save for perhaps the TOR_SOCKS_* variables being commented by default. They should be set to the values used by the debian apt-get install tor.

How is your git-fu? Can you add a minimal debian-compatible wrapper script to my branch at mikeperry/bug5611, make sure it works for you, and either push it somewhere, or create a git format-patch for attachment here?

comment:36 Changed 5 years ago by mikeperry

Cc: arma added

Changed 5 years ago by proper

Attachment: torbrowser-standalone added

comment:37 Changed 5 years ago by proper

Status: changed from needs_revision to needs_review

I don't know git well enough yet to do it.

I added the wrapper, torbrowser-standalone. Give it any name. Use it together with the already committed changes.

Tested/working:

  • start Tor Browser Bundle as usual
  • start Tor Browser standalone
  • connect Tor Browser standalone to locally installed Tor

Not working, but this wasn't the goal:
1) start Tor Browser Bundle
2) close Tor Browser (Vidalia/Tor will continue to run)
3) start Tor Browser standalone and connect it

Any idea why it's not working? Maybe I can add this as well while we're at it.

comment:38 Changed 5 years ago by proper

Cc: torbox@… added

comment:39 Changed 5 years ago by mikeperry

Keywords: MikePerry201208 added; MikePerry201207 removed

comment:40 Changed 5 years ago by proper

Cc: adrelanos@… added

comment:41 in reply to:  37 Changed 5 years ago by proper

Replying to proper:

I don't know git well enough yet to do it.

I added the wrapper, torbrowser-standalone. Give it any name. Use it together with the already committed changes.

Tested/working:

  • start Tor Browser Bundle as usual
  • start Tor Browser standalone
  • connect Tor Browser standalone to locally installed Tor

Not working, but this wasn't the goal:
1) start Tor Browser Bundle
2) close Tor Browser (Vidalia/Tor will continue to run)
3) start Tor Browser standalone and connect it

Any idea why it's not working? Maybe I can add this as well while we're at it.

Like said on IRC, forget about it. Completely unrelated issue. Not affected by any changes discussed here. Sorry for off topic.
https://trac.torproject.org/projects/tor/ticket/6023

comment:42 Changed 5 years ago by proper

After talking with Mike on IRC...

The patches won't get accepted, since they are platform specific hacks.

There are many similar related tickets (6, 7, 8 or so) about the startup process, local vs globally installed Tor, TBB vs. Tor IM Bundle vs. TorBirdy, closing Tor Browser while leaving Tor running, restarting Tor Browser without having to restart Tor/Vidalia etc.

The real plan is to wait for Jacob's grand vision for implementing this cleanly for all platforms and use cases.

comment:43 Changed 5 years ago by mikeperry

Cc: ioerror added
Keywords: MikePerry201209 added; MikePerry201208 removed

Hopefully that's not despair I sense in your writing. We need a fair amount of organization to do this right, I think. Jake's idea probably requires a proposal of some kind, but personally I would prefer to start out in a fresh trac ticket and close all the ones mentioned in #6023 as dups to it as opposed to a formal tor-style proposal process. However, Jake also insists on in-person or IRC only discussions, which limits participation by people who aren't concurrently present... I think those people might actually help build this thing for us, which is why I favor trac..

We're sort of in some kind of clusterfuck-impasse on figuring out the right way forward here as a result. I'm really sorry about that, proper.

After hearing Jake's generalized named-pipe idea, I think making a second TBB script just for transtor is silly.. But maybe it's an acceptable stopgap? I'm very conflicted on the immediate situation :/. It might take us so long to figure out the "right" solution that a stopgap is acceptable.

How about this: Maybe someone can just make the "TBB launch script pack" and we can publicize it around as an auxiliary package Linux users can get independent of TBB that has scripts for launching it in Tails, behind a transtor setup, behind a tor router, in Debian with a system Tor, etc etc etc. That way, we wouldn't have to confuse vanilla-TBB people with multiple launch scripts, and external people can make progress on solution(s) without getting crushed by our process issues?

comment:44 Changed 5 years ago by proper

I could create and maintain a tb startup script pack, I mean, the "source code" (really only very few minimal easy changes) is already ready. There are some open questions regarding the details.

What should I use as repository name?

I could create a github repository. I could also add a tpo git remote.

Who reviews and uploads the package to torproject.org?

comment:45 Changed 5 years ago by mikeperry

Keywords: MikePerry201209 removed

Probably github is the best plan to start.

comment:46 Changed 5 years ago by proper

Ok, the repository is ready. The Linux implementation works fine for me. I am open for feedback.

https://github.com/adrelanos/tbb-scripts

comment:47 Changed 5 years ago by proper

Can https://github.com/adrelanos/tbb-scripts/blob/master/start-tor-browser replace current TBB Linux bundle start-tor-browser please?

Changes are trivial and it works fine...

Some test cases....

Starting "start-tor-browser" as usual.

  • Works fine. Same behavior as it is right now. TBB users won't notice a difference.

Starting "start-tor-browser -standalone"

  • Only starts Tor Browser as expected, does not start Vidalia as expected. Fails closed.

Commenting in "export TB_STANDALONE=1" from the script config section.

  • Only starts Tor Browser as expected, does not start Vidalia as expected. Fails closed.

Commenting out "export TB_STANDALONE=1" from the script config section.

  • Works fine. Same behavior as it is right now. TBB users won't notice a difference.

Setting "TB_STANDALONE=1" in /etc/environment, reboot.

  • Only starts Tor Browser as expected, does not start Vidalia as expected. Fails closed.

Setting "TB_STANDALONE=0" in /etc/environment, reboot.

  • Works fine. Same behavior as it is right now. TBB users won't notice a difference.

Commenting out "TB_STANDALONE=0" in /etc/environment, reboot.

  • Works fine. Same behavior as it is right now. TBB users won't notice a difference.
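
The launch decision discussed in comments 32 to 35, together with the TB_STANDALONE cases listed in comment 47, as an added example that is not part of the ticket or of the attached scripts. The function name resolve_launch_plan and its one-line plan format are hypothetical, and rejecting TOR_TRANSPROXY=1 combined with TOR_SOCKS_* is an assumption made here so that an ambiguous configuration stops the launch instead of picking a proxy setting silently.

```shell
#!/bin/sh
# Added example, not the ticket's script: decide how a wrapper should start
# Tor Browser from the variables named in this ticket. It prints a plan and
# launches nothing. resolve_launch_plan and the plan format are hypothetical.

# is_port VALUE: succeeds only for a decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# resolve_launch_plan [ARGS...]
# Prints "mode=... proxy=... newidentity=..." and returns 0, or prints an
# error on stderr and returns 1 so the caller can refuse to start the browser.
resolve_launch_plan() {
    _lp_standalone=0
    # TB_STANDALONE=1 or the -standalone switch select standalone; unset, 0 or
    # any other value keep the regular bundle behaviour (comment 47's cases).
    if [ "${TB_STANDALONE:-0}" = "1" ]; then _lp_standalone=1; fi
    for _lp_arg in "$@"; do
        if [ "$_lp_arg" = "-standalone" ]; then _lp_standalone=1; fi
    done
    if [ "$_lp_standalone" -eq 0 ]; then
        echo "mode=bundle proxy=bundled-tor newidentity=bundled"
        return 0
    fi

    if [ "${TOR_TRANSPROXY:-0}" = "1" ]; then
        # The ticket lists TOR_SOCKS_* as applying "if not transtor", so both
        # together is ambiguous. Assumption: treat it as an error.
        if [ -n "${TOR_SOCKS_HOST:-}" ] || [ -n "${TOR_SOCKS_PORT:-}" ]; then
            echo "error: TOR_TRANSPROXY=1 set together with TOR_SOCKS_*" >&2
            return 1
        fi
        _lp_proxy="transproxy"
    else
        # Defaults are the values quoted in comment 34 for a system-wide Tor.
        _lp_host="${TOR_SOCKS_HOST:-127.0.0.1}"
        _lp_port="${TOR_SOCKS_PORT:-9050}"
        case "$_lp_host" in
            *[!A-Za-z0-9.:-]*)
                echo "error: TOR_SOCKS_HOST has unexpected characters" >&2
                return 1 ;;
        esac
        if ! is_port "$_lp_port"; then
            echo "error: TOR_SOCKS_PORT is not a port number" >&2
            return 1
        fi
        _lp_proxy="socks:$_lp_host:$_lp_port"
    fi

    # The control port is optional (comment 34). New Identity needs the port
    # plus a password or cookie file (comment 32); the secret is never printed.
    _lp_newid="no"
    if [ -n "${TOR_CONTROL_PORT:-}" ]; then
        if ! is_port "$TOR_CONTROL_PORT"; then
            echo "error: TOR_CONTROL_PORT is not a port number" >&2
            return 1
        fi
        if [ -n "${TOR_CONTROL_PASSWD:-}" ] ||
           [ -n "${TOR_CONTROL_COOKIE_AUTH_FILE:-}" ]; then
            _lp_newid="yes"
        fi
    fi
    echo "mode=standalone proxy=$_lp_proxy newidentity=$_lp_newid"
}

# Constructed demo: a system Tor reached over SOCKS, run in a subshell so the
# settings do not leak into the caller's environment.
( unset TOR_TRANSPROXY TOR_CONTROL_PORT
  TB_STANDALONE=1; TOR_SOCKS_HOST=127.0.0.1; TOR_SOCKS_PORT=9050
  resolve_launch_plan )
```

A wrapper would call the function first and start the browser only when it returns 0.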

comment:48 Changed 3 years ago by intrigeri

Cc: T(A)ILS developers tails@… removed

comment:49 Changed 3 years ago by proper

Component: changed from Tor bundles/installation to Tor Browser
Owner: changed from proper to tbb-team
Status: changed from needs_review to assigned

comment:50 Changed 3 years ago by proper

A lot has changed since. No more vidalia. New tor-launcher add-on.

There is now TOR_SKIP_LAUNCH=1. Reference:
https://trac.torproject.org/projects/tor/ticket/6009#comment:14

Anything left to do here?

comment:51 Changed 12 days ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"